Re: Referer from https

[Sake Blok <sake () euronet nl>]

On 10 feb 2011, at 03:06, Stephen Fisher wrote:

> On Wed, Feb 09, 2011 at 03:26:22PM -0500, Maverick wrote:
>
> > If a user is clicked on a link from an https site and that link isn't 
> > using ssl itself can we detect the refere information in that case.
>
> Yes, but then it isn't an "https" site and is instead an "http" site.

Funny, I would have expected this to (a "https://xxx referer in the http request), but I just tested with Firefox and 
whenever I follow a link on an https page to a non-https page (either on the same site or a different site), there is 
just no "Referer:" header. I'm not sure how other browsers are dealing with this, so I checked the RFC[1]. It states in 
15.1.3:


   Clients SHOULD NOT include a Referer header field in a (non-secure)
   HTTP request if the referring page was transferred with a secure
   protocol.


So there is your answer why you don't get the referer information.

Cheers,


Sake

[1]  http://tools.ietf.org/html/rfc2616#section-15.1.3
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe